Weng et al., 2011 - Google Patents
Deep packet pre-filtering and finite state encoding for adaptive intrusion detection system
Weng et al., 2011
- Document ID
- 9619112052640513790
- Author
- Weng N
- Vespa L
- Soewito B
- Publication year
- 2011
- Publication venue
- Computer Networks
Snippet
An intrusion detection system (IDS) is a promising technique for detecting and thwarting attacks on computer systems and networks. In the context of ever-changing threats, new attacks are constantly created, and new rules for identifying them are dramatically …
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis

- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30943—Information retrieval; Database structures therefor; File system structures therefor details of database functions independent of the retrieved data type
- G06F17/30964—Querying
- G06F17/30979—Query processing
- G06F17/30985—Query processing by using string matching techniques

- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0245—Filtering by information in the payload

- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis

- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30861—Retrieval from the Internet, e.g. browsers

- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/745—Address table lookup or address filtering
Similar Documents
Publication | Publication Date | Title
---|---|---
Al-Asli et al. | | Review of signature-based techniques in antivirus products
Xu et al. | | A survey on regular expression matching for deep packet inspection: Applications, algorithms, and hardware platforms
Lin et al. | | Using string matching for deep packet inspection
AbuHmed et al. | | A survey on deep packet inspection for intrusion detection systems
El-Maghraby et al. | | A survey on deep packet inspection
Chen et al. | | A survey on the application of FPGAs for network infrastructure security
US9514246B2 (en) | | Anchored patterns
US9858051B2 (en) | | Regex compiler
Zheng et al. | | Algorithms to speedup pattern matching for network intrusion detection systems
Weng et al. | | Deep packet pre-filtering and finite state encoding for adaptive intrusion detection system
Abbasi et al. | | Deep learning-based feature extraction and optimizing pattern matching for intrusion detection using finite state machine
Najam et al. | | Speculative parallel pattern matching using stride-k DFA for deep packet inspection
Pao et al. | | A memory-based NFA regular expression match engine for signature-based intrusion detection
Aldwairi et al. | | Efficient wu-manber pattern matching hardware for intrusion and malware detection
Hieu et al. | | ENREM: An efficient NFA-based regular expression matching engine on reconfigurable hardware for NIDS
Wang et al. | | Strifa: Stride finite automata for high-speed regular expression matching in network intrusion detection systems
Artan et al. | | Tribica: Trie bitmap content analyzer for high-speed network intrusion detection
CN112054992B (en) | | Malicious traffic identification method and device, electronic equipment and storage medium
Vespa et al. | | Deterministic finite automata characterization and optimization for scalable pattern matching
Hadi et al. | | A Scalable Pattern Matching Implementation on Hardware using Data Level Parallelism
Liu et al. | | A prefiltering approach to regular expression matching for network security systems
Bando et al. | | Range hash for regular expression pre-filtering
Oha et al. | | Machine learning models for malicious traffic detection in IoT networks/IoT-23 dataset
Trabelsi et al. | | Hybrid mechanism towards network packet early acceptance and rejection for unified threat management
Nakahara et al. | | The parallel sieve method for a virus scanning engine